RubyGems - ccrypto-java - Versions diffs - 0.1.0 → 0.2.0 - Mend

ccrypto-java 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (62) hide show

checksums.yaml +4 -4
data/.java-version +1 -1
data/.release_history.yml +4 -0
data/.ruby-version +1 -0
data/Gemfile +1 -1
data/Gemfile.lock +68 -53
data/Rakefile +2 -1
data/bin/console +14 -0
data/jars/bcjmail-jdk18on-172.jar +0 -0
data/jars/bcmail-jdk18on-172.jar +0 -0
data/jars/bcpg-jdk18on-172.1.jar +0 -0
data/jars/bcpkix-jdk18on-172.jar +0 -0
data/jars/bcprov-ext-jdk18on-172.jar +0 -0
data/jars/bcprov-jdk18on-172.jar +0 -0
data/jars/bctls-jdk18on-172.jar +0 -0
data/jars/bcutil-jdk18on-172.jar +0 -0
data/lib/ccrypto/java/bc_const_mapping.rb +42 -0
data/lib/ccrypto/java/data_conversion.rb +23 -2
data/lib/ccrypto/java/engines/argon2_engine.rb +95 -0
data/lib/ccrypto/java/engines/asn1_engine.rb +2 -1
data/lib/ccrypto/java/engines/bcrypt_engine.rb +56 -0
data/lib/ccrypto/java/engines/cipher_engine.rb +462 -130
data/lib/ccrypto/java/engines/compression_engine.rb +7 -28
data/lib/ccrypto/java/engines/crystal_dilithium_engine.rb +226 -0
data/lib/ccrypto/java/engines/crystal_kyber_engine.rb +260 -0
data/lib/ccrypto/java/engines/decompression_engine.rb +5 -4
data/lib/ccrypto/java/engines/digest_engine.rb +221 -139
data/lib/ccrypto/java/engines/ecc_engine.rb +249 -96
data/lib/ccrypto/java/engines/ed25519_engine.rb +211 -0
data/lib/ccrypto/java/engines/hkdf_engine.rb +82 -23
data/lib/ccrypto/java/engines/hmac_engine.rb +98 -23
data/lib/ccrypto/java/engines/pbkdf2_engine.rb +82 -33
data/lib/ccrypto/java/engines/pkcs7_engine.rb +44 -33
data/lib/ccrypto/java/engines/rsa_engine.rb +85 -31
data/lib/ccrypto/java/engines/scrypt_engine.rb +12 -3
data/lib/ccrypto/java/engines/secret_key_engine.rb +77 -12
data/lib/ccrypto/java/engines/secret_sharing_engine.rb +17 -2
data/lib/ccrypto/java/engines/x25519_engine.rb +249 -0
data/lib/ccrypto/java/engines/x509_csr_engine.rb +141 -0
data/lib/ccrypto/java/engines/x509_engine.rb +365 -71
data/lib/ccrypto/java/ext/secret_key.rb +37 -25
data/lib/ccrypto/java/ext/x509_cert.rb +429 -5
data/lib/ccrypto/java/ext/x509_csr.rb +151 -0
data/lib/ccrypto/java/jce_provider.rb +0 -11
data/lib/ccrypto/java/keystore/jce_keystore.rb +205 -0
data/lib/ccrypto/java/keystore/jks_keystore.rb +52 -0
data/lib/ccrypto/java/keystore/keystore.rb +97 -0
data/lib/ccrypto/java/keystore/pem_keystore.rb +147 -0
data/lib/ccrypto/java/keystore/pkcs12_keystore.rb +56 -0
data/lib/ccrypto/java/utils/comparator.rb +25 -2
data/lib/ccrypto/java/version.rb +1 -1
data/lib/ccrypto/java.rb +46 -0
data/lib/ccrypto/provider.rb +139 -3
metadata +40 -24
data/ccrypto-java.gemspec +0 -44
data/jars/bcmail-jdk15on-165.jar +0 -0
data/jars/bcpg-jdk15on-165.jar +0 -0
data/jars/bcpkix-jdk15on-165.jar +0 -0
data/jars/bcprov-ext-jdk15on-165.jar +0 -0
data/jars/bcprov-jdk15on-165.jar +0 -0
data/jars/bctls-jdk15on-165.jar +0 -0
data/lib/ccrypto/java/keybundle_store/pkcs12.rb +0 -125

data/lib/ccrypto/java/engines/ecc_engine.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 require_relative '../data_conversion'
-require_relative '../keybundle_store/pkcs12'
+require_relative '../keystore/keystore'
 module Ccrypto
   module Java
@@ -9,181 +9,309 @@ module Ccrypto
     class ECCPublicKey < Ccrypto::ECCPublicKey
       include DataConversion
-      def to_bin
-        @native_pubKey.encoded
+      def initialize(kp, curve)
+        super(kp)
+        @curve = curve
+      end
+      def curve
+        @curve
+      end
+      def to_bin(enc = :bin)
+        res = @native_pubKey.encoded
+        case enc
+        when :b64, :base64
+          to_b64(res)
+        when :hex
+          to_hex(res)
+        else
+          res
+        end
       end
       def encoded
         to_bin
       end
+      def to_pem
+        cont = ["-----BEGIN ECC PUBLIC KEY-----\n"]
+        cont << to_b64(to_bin)
+        cont << "\n-----END ECC PUBLIC KEY-----"
+        cont.join
+      end
+      def self.from_pem(str)
+        if str =~ /ECC PUBLIC/
+          cont = str.lines[1..-2].join.strip
+          to_key(from_b64(cont))
+        else
+          raise KeypairEngineException, "Not an ECC public key"
+        end
+      end
+      # from binary to public key object
       def self.to_key(bin)
         bin = to_java_bytes(bin) if not bin.is_a?(::Java::byte[])
         pubKey = java.security.KeyFactory.getInstance("ECDSA", "BC").generatePublic(java.security.spec.X509EncodedKeySpec.new(bin))
-        ECCPublicKey.new(pubKey)
+        #p pubKey
+        curve = pubKey.params.name
+        ECCPublicKey.new(pubKey, curve)
       end
-    end
+      def equals?(pubKey)
+        if not @native_pubKey.nil?
+          case pubKey
+          when ECCPublicKey
+            @native_pubKey.encoded == pubKey.to_bin
+          else
+            logger.warn "Unmatched public key : (native) #{@native_pubKey} vs. (subject) #{pubKey}"
+            false
+          end
+        else
+          logger.warn "ECCPublicKey equals? returned false because native_pubKey is nil"
+          false
+        end
+      end
+      alias_method :key_equals?, :equals?
+      private
+      def logger
+        Ccrypto::Java.logger(:ecc_pubKey)
+      end
+    end # class ECCPublicKey
+    class ECCPrivateKey < Ccrypto::ECCPrivateKey
+      include DataConversion
+      def self.to_key(bin, &block)
+        if block
+          prov = block.call(:jce_provider)
+        else
+          prov = JCEProvider::BCProv
+        end
+        kf = java.security.KeyFactory.getInstance("ECDSA",prov)
+        priv = kf.generate_private(java.security.spec.PKCS8EncodedKeySpec.new(bin))
+        curve = priv.params.name
+        ECCPrivateKey.new(priv, curve)
+      end
+      attr_reader :curve
+      def initialize(privKey, curve = nil)
+        super(privKey)
+        @curve = curve
+      end
+      def to_pem
+        cont = ["-----BEGIN ECC PRIVATE KEY-----\n"]
+        cont << to_b64(@native_privKey.encoded)
+        cont << "\n-----END ECC PRIVATE KEY-----"
+        cont.join
+      end
+      def self.from_pem(str)
+        if str =~ /ECC PRIVATE/
+          cont = str.lines[1..-2].join.strip
+          to_key(from_b64(cont))
+        else
+          raise KeypairEngineException, "Not an ECC private key"
+        end
+      end
+      def to_bin
+        @native_privKey.encoded
+      end
+      def equals?(privKey)
+        if not @native_privKey.nil?
+          case privKey
+          when ECCPrivateKey
+            @native_privKey.encoded == privKey.to_bin
+          else
+            logger.warn "Unmatched private key : (native) #{@native_privKey} vs. (subject) #{privKey}"
+            false
+          end
+        else
+          logger.warn "ECCPrivateKey equals? returned false because native_privKey is nil"
+          false
+        end
+      end
+      alias_method :key_equals?, :equals?
+    end # class ECCPrivateKey
     class ECCKeyBundle
       include Ccrypto::ECCKeyBundle
       include TR::CondUtils
       include DataConversion
-      include PKCS12
-      include TeLogger::TeLogHelper
-      teLogger_tag :j_ecc_keybundle
+      def initialize(kp, conf)
+        @nativeKeypair = kp
+        @config = conf
+      end
-      def initialize(kp)
-        @keypair = kp
+      def curve
+        @config.provider_config[:curve]
       end
-      def native_keypair
-        @keypair
+      # standardize external API
+      def key_param
+        @config
       end
+      # standardize external API
       def public_key
         if @pubKey.nil?
-          @pubKey = ECCPublicKey.new(@keypair.public)
+          @pubKey = ECCPublicKey.new(@nativeKeypair.public, @config.curve)
         end
         @pubKey
       end
+      # standardize external API
       def private_key
-        ECCPrivateKey.new(@keypair.private)
+        ECCPrivateKey.new(@nativeKeypair.private)
       end
-      def derive_dh_shared_secret(pubKey, &block)
+      # standardize external API
+      def derive_enc_shared_secret(*args, &block)
+        derive_dh_shared_secret(*args, &block)
+      end
-        JCEProvider.instance.add_bc_provider
+      # standardize external API
+      def derive_dec_shared_secret(*args, &block)
+        derive_dh_shared_secret(*args, &block)
+      end
-        ka = javax.crypto.KeyAgreement.getInstance("ECDH", JCEProvider::DEFProv)
-        ka.init(@keypair.private)
+      def is_public_key_equal?(pubKey)
+        public_key.equals?(pubKey)
+      end
-        case pubKey
-        when ECCPublicKey
-          pub = pubKey.native_pubKey
-        when java.security.PublicKey
-          pub = pubKey
-        else
-          raise KeypairEngineException, "Unsupported public key type #{pubKey.class}"
-        end
-        ka.doPhase(pub, true)
-        #ka.doPhase(pubKey.native_pubKey, true)
-        if block
-          keyType = block.call(:keytype)
+      def equal?(kp)
+        case kp
+        when Ccrypto::ECCKeyBundle
+          private_key.encoded == kp.private_key.encoded
         else
-          keyType = "AES"
+          false
         end
-        keyType = "AES" if is_empty?(keyType)
-        teLogger.debug "Generate secret key type #{keyType}"
-        ka.generateSecret(keyType).encoded
       end
-      def is_public_key_equal?(pubKey)
-        @keypair.public.encoded == pubKey.encoded
-      end
-      def to_storage(type, &block)
-        case type
-        when :p12, :pkcs12
-          to_pkcs12 do |key|
+      def write_keystore(type, &block)
+        ksType = Keystore.map_keystore_type(type)
+        case ksType
+        when :pkcs12
+          Keystore::PKCS12Keystore.to_p12 do |key, *val|
             case key
             when :keypair
-              @keypair
+              @nativeKeypair
             else
               block.call(key) if block
             end
           end
         when :jks
-          to_pkcs12 do |key|
+          Keystore::JKSKeystore.to_jks do |key, *val|
             case key
-            when :storeType
-              "JKS"
             when :keypair
-              @keypair
+              @nativeKeypair
             else
-              block.call(key) if key
+              block.call(key) if block
             end
           end
-        when :pem
-          header = "-----BEGIN EC PRIVATE KEY-----\n"
-          footer = "\n-----END EC PRIVATE KEY-----"
-          out = StringIO.new
-          out.write header
-          out.write to_b64_mime(@keypair.private.encoded)
-          out.write footer
-          out.string
         else
-          raise KeypairEngineException, "Unknown storage type #{type}"
+          raise Ccrypto::Keystore::KeystoreException, "Unsupported keystore type '#{type}' for engine '#{self.class.name}'"
         end
       end
-      def self.from_storage(bin, &block)
-        if is_pem?(bin)
-        else
-          from_pkcs12(bin, &block)
-        end
+      private
+      def derive_dh_shared_secret(pubKey, &block)
-      end
+        JCEProvider.instance.add_bc_provider
-      def self.is_pem?(bin)
-        begin
-          (bin =~ /BEGIN/) != nil
-        rescue ArgumentError => ex
-          false
-        end
-      end
+        ka = javax.crypto.KeyAgreement.getInstance("ECDH", JCEProvider::DEFProv)
+        ka.init(@nativeKeypair.private)
-      def equal?(kp)
-        case kp
-        when Ccrypto::ECCKeyBundle
-          @keypair.encoded == kp.private.encoded
+        case pubKey
+        when ECCPublicKey
+          #teLogger.debug "pubKey instanceof ECCPublicKey"
+          pub = pubKey.native_pubKey
+        when java.security.PublicKey
+          #teLogger.debug "pubKey instanceof java.security.PublicKey"
+          pub = pubKey
         else
-          false
+          raise KeypairEngineException, "Unsupported public key type #{pubKey.class}"
         end
+        ka.doPhase(pub, true)
+        ka.generateSecret
+        #if block
+        #  keyType = block.call(:keytype)
+        #else
+        #  keyType = "AES"
+        #end
+        #keyType = "AES" if is_empty?(keyType)
+        #teLogger.debug "Generate secret key type #{keyType}"
+        #ka.generateSecret(keyType).encoded
       end
       def method_missing(mtd, *args, &block)
         teLogger.debug "Sending to native #{mtd}"
-        @keypair.send(mtd, *args, &block)
+        @nativeKeypair.send(mtd, *args, &block)
       end
       def respond_to_missing?(mtd, incPriv = false)
         teLogger.debug "Respond to missing #{mtd}"
-        @keypair.respond_to?(mtd)
+        @nativeKeypair.respond_to?(mtd)
       end
-    end
+      def teLogger
+        Ccrypto::Java.logger(:ecc_keybundle)
+      end
+    end # class ECCKeyBundle
     class ECCEngine
       include TR::CondUtils
       include DataConversion
-      include TeLogger::TeLogHelper
-      teLogger_tag :j_ecc
       def self.supported_curves
         if @curves.nil?
-          @curves = org.bouncycastle.asn1.x9.ECNamedCurveTable.getNames.sort.to_a.map { |c| Ccrypto::ECCConfig.new(c) }
+          @curves = org.bouncycastle.asn1.x9.ECNamedCurveTable.getNames.sort.to_a.map { |c|
+            conf = Ccrypto::ECCConfig.new(c.downcase.to_sym)
+            conf.provider_config = { curve: c }
+            conf
+          }
         end
         @curves
       end
+      def self.find_curve(name)
+        case name
+        when String, Symbol
+          supported_curves.select { |c| c.provider_config[:curve] == name or c.curve == name.downcase.to_sym }.first
+        when Ccrypto::ECCKeyBundle
+          fname = name.key_param
+          supported_curves.select { |c| c.provider_config[:curve] == fname.provider_config[:curve] or c.curve == fname.algo }.first
+        when Ccrypto::ECCPublicKey
+          fname = name.curve
+          supported_curves.select { |c| c.provider_config[:curve] == fname or c.curve == fname.to_sym }.first
+        else
+          raise KeypairEngineException, "Not supported curve finder with '#{name.class}'"
+        end
+      end
+      class <<self
+        alias_method :supported_params, :supported_curves
+        alias_method :find_by_param, :find_curve
+      end
       def initialize(*args,&block)
         @config = args.first
         raise KeypairEngineException, "1st parameter must be a #{Ccrypto::KeypairConfig.class} object" if not @config.is_a?(Ccrypto::KeypairConfig)
+        raise KeypairEngineException, "Keypair config must be an initialized config. Please get the initialized config from the list of supported_curves()" if is_empty?(@config.provider_config)
       end
       def generate_keypair(&block)
@@ -207,10 +335,10 @@ module Ccrypto
         kpg = java.security.KeyPairGenerator.getInstance(algoName, prov)
         #kpg.java_send :initialize, [java.security.spec.AlgorithmParameterSpec, java.security.SecureRandom], java.security.spec.ECGenParameterSpec.new(curve), java.security.SecureRandom.new
-        kpg.java_send :initialize, [java.security.spec.AlgorithmParameterSpec, randomEngine.class], java.security.spec.ECGenParameterSpec.new(@config.curve), randomEngine
+        kpg.java_send :initialize, [java.security.spec.AlgorithmParameterSpec, randomEngine.class], java.security.spec.ECGenParameterSpec.new(@config.provider_config[:curve]), randomEngine
         kp = kpg.generate_key_pair
-        kb = ECCKeyBundle.new(kp)
+        kb = ECCKeyBundle.new(kp, @config)
         kb
       end
@@ -227,7 +355,7 @@ module Ccrypto
         sign = java.security.Signature.getInstance("SHA256WithECDSA")
         sign.initSign(kp.private_key)
-        teLogger.debug "Signing data : #{val}"
+        #teLogger.debug "Signing data : #{val}"
         case val
         when java.io.InputStream
           buf = Java::byte[102400].new
@@ -244,7 +372,7 @@ module Ccrypto
       def self.verify(pubKey, val, sign)
         ver = java.security.Signature.getInstance("SHA256WithECDSA")
         ver.initVerify(pubKey)
-        teLogger.debug "Verifing data : #{val}"
+        #teLogger.debug "Verifing data : #{val}"
         case val
         when java.io.InputStream
           buf = Java::byte[102400].new
@@ -258,6 +386,31 @@ module Ccrypto
         ver.verify(to_java_bytes(sign))
       end
+      #
+      # KeyFactory keyFactory = KeyFactory.getInstance(EC.getAlgorithmName(), BouncyCastleProviderHolder.getInstance());
+      # BCECPrivateKey ecPrivateKey = (BCECPrivateKey) privateKey;
+      # ECParameterSpec ecParameterSpec = ecPrivateKey.getParameters();
+      # ECPoint ecPoint = new FixedPointCombMultiplier().multiply(ecParameterSpec.getG(), ecPrivateKey.getD());
+      # ECPublicKeySpec keySpec = new ECPublicKeySpec(ecPoint, ecParameterSpec);
+      # return keyFactory.generatePublic(keySpec);
+      #
+      def self.ecc_public_key_from_private_key(privKey)
+        kf = java.security.KeyFactory.getInstance("ECDSA", JCEProvider::BCProv)
+        param = privKey.parameters
+        ecPoint = org.bouncycastle.math.ec.FixedPointCombMultiplier.new.multiply(param.g, privKey.d)
+        keySpec = org.bouncycastle.jce.spec.ECPublicKeySpec.new(ecPoint, param)
+        kf.generatePublic(keySpec)
+      end
+      private
+      def self.teLogger
+        Ccrypto::Java.logger(:ecc_eng)
+      end
+      def teLogger
+        self.class.teLogger
+      end
     end
   end
 end

data/lib/ccrypto/java/engines/ed25519_engine.rb ADDED Viewed

@@ -0,0 +1,211 @@
+require_relative '../data_conversion'
+module Ccrypto
+  module Java
+    class ED25519PublicKey < Ccrypto::ED25519PublicKey
+      include DataConversion
+      def to_bin
+        @native_pubKey.encoded
+      end
+      def self.to_key(bin)
+        pubKey = java.security.KeyFactory.getInstance("ED25519", "BC").generatePublic(java.security.spec.X509EncodedKeySpec.new(bin))
+        ED25519PublicKey.new(pubKey)
+      end
+      def to_pem
+        cont = ["-----BEGIN ED25519 PUBLIC KEY-----\n"]
+        cont << to_b64(to_bin)
+        cont << "\n-----END ED25519 PUBLIC KEY-----"
+        cont.join
+      end
+      def self.from_pem(str)
+        if str =~ /ED25519 PUBLIC/
+          cont = str.lines[1..-2].join.strip
+          to_key(from_b64(cont))
+        else
+          raise KeypairEngineException, "Not an ED25519 public key"
+        end
+      end
+    end # ED25519PublicKey
+    class ED25519PrivateKey < Ccrypto::ED25519PrivateKey
+      include DataConversion
+      def self.to_key(bin, &block)
+        if block
+          prov = block.call(:jce_provider)
+        else
+          prov = JCEProvider::BCProv
+        end
+        kf = java.security.KeyFactory.getInstance("ED25519",prov)
+        priv = kf.generate_private(java.security.spec.PKCS8EncodedKeySpec.new(bin))
+        ED25519PrivateKey.new(priv)
+      end
+      def to_pem
+        cont = ["-----BEGIN ED25519 PRIVATE KEY-----\n"]
+        cont << to_b64(@native_privKey.encoded)
+        cont << "\n-----END ED25519 PRIVATE KEY-----"
+        cont.join
+      end
+      def self.from_pem(str)
+        if str =~ /ED25519 PRIVATE/
+          cont = str.lines[1..-2].join.strip
+          to_key(from_b64(cont))
+        else
+          raise KeypairEngineException, "Not an ED25519 private key"
+        end
+      end
+      def to_bin
+        @native_privKey.encoded
+      end
+      def equals?(privKey)
+        if not @native_privKey.nil?
+          case privKey
+          when ED25519PrivateKey
+            @native_privKey.encoded == privKey.to_bin
+          else
+            logger.warn "Unmatched private key : (native) #{@native_privKey} vs. (subject) #{privKey}"
+            false
+          end
+        else
+          logger.warn "ED25519PrivateKey equals? returned false because native_privKey is nil"
+          false
+        end
+      end
+      alias_method :key_equals?, :equals?
+    end # ED25519PrivateKey
+    class ED25519KeyBundle
+      include Ccrypto::ED25519KeyBundle
+      include Ccrypto::X25519KeyBundle
+      include TR::CondUtils
+      include DataConversion
+      include TeLogger::TeLogHelper
+      teLogger_tag :ed25519_kb_j
+      def initialize(kp)
+        @nativeKeypair = kp
+      end
+      def public_key
+        if @pubKey.nil?
+          @pubKey = ED25519PublicKey.new(@nativeKeypair.getPublic)
+        end
+        @pubKey
+      end
+      def private_key
+        ED25519PrivateKey.new(@nativeKeypair.getPrivate)
+      end
+      def derive_dh_shared_secret(pubKey, &block)
+        JCEProvider.instance.add_bc_provider
+        ka = javax.crypto.KeyAgreement.getInstance("X25519",JCEProvider::BCProv.name)
+        ka.init(@nativeKeypair.getPrivate)
+        ka.doPhase(pubKey, true)
+        ka.generateSecret()
+      end
+    end # ED25519KeyBundle
+    class ED25519Engine
+      include TR::CondUtils
+      include DataConversion
+      include TeLogger::TeLogHelper
+      teLogger_tag :ed25519_eng_j
+      def self.supported_params
+        []
+      end
+      def initialize(*args, &block)
+        @config = args.first
+      end
+      def generate_keypair(&block)
+        JCEProvider.instance.add_bc_provider
+        kg = java.security.KeyPairGenerator.getInstance("ED25519", JCEProvider::BCProv.name)
+        ED25519KeyBundle.new(kg.generateKeyPair)
+      end
+      def sign(val, &block)
+        sign = java.security.Signature.getInstance("EdDSA", JCEProvider::BCProv.name)
+        case @config.keypair
+        when ED25519KeyBundle
+          privKey = @config.keypair.nativeKeypair.getPrivate
+        else
+          raise KeypairEngineException,"Unsupported keypair type '#{@config.keypair.class}'"
+        end
+        sign.initSign(privKey)
+        case val
+        when java.io.InputStream
+          buf = Java::byte[102400].new
+          while((read = val.read(buf, 0, buf.length)) != nil)
+            sign.update(buf,0,read)
+          end
+        else
+          sign.update(to_java_bytes(val))
+        end
+        sign.sign
+      end
+      def self.verify(pubKey, val, sign)
+        ver = java.security.Signature.getInstance("EdDSA", JCEProvider::BCProv.name)
+        case pubKey
+        when ED25519PublicKey
+          uPubKey = pubKey.native_pubKey
+        else
+          raise KeypairEngineException, "Unsupported public key type '#{pubKey.class}'"
+        end
+        ver.initVerify(uPubKey)
+        case val
+        when java.io.InputStream
+          buf = Java::byte[102400].new
+          while((read = val.read(buf, 0 ,buf.length)) != nil)
+            ver.update(buf,0, read)
+          end
+        else
+          ver.update(to_java_bytes(val))
+        end
+        ver.verify(to_java_bytes(sign))
+      end
+    end
+  end
+end